SSL installation via certbot - jigneshpshah/greycube_helpmanual GitHub Wiki

[A] Remove certbot-auto and install certbot

One-time setup (run as root):

sudo apt update
sudo apt install snapd
sudo snap install core; sudo snap refresh core
sudo apt-get remove certbot
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Ref: https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx

[B] Get certificate (run as the frappe user)

$ bench config dns_multitenant on
$ sudo service nginx stop
(nginx must be stopped because `certbot --standalone` binds port 80 itself to answer the validation challenge)

(1) $ sudo certbot certonly --standalone
It asks a few questions, including the domain name, e.g.:
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): abc.xyz.com

It then prints output like the lines below. Note the certificate paths it generated and make sure the same paths are in site_config.json:
   /etc/letsencrypt/live/abc.xyz.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/abc.xyz.com/privkey.pem
(2) frappe@vmi494576:~/frappe-bench/sites/abc.xyz.com$ nano site_config.json

"ssl_certificate":"/etc/letsencrypt/live/abc.xyz.com/fullchain.pem",
"ssl_certificate_key":"/etc/letsencrypt/live/abc.xyz.com/privkey.pem"

Or set the same two keys with bench (replace `sslpath` and `keypath` with the paths certbot printed):
bench --site demo14.greycube.in set-config ssl_certificate `sslpath`
bench --site demo14.greycube.in set-config ssl_certificate_key `keypath`

(2.2) Take a backup of the nginx config before it is regenerated:
/frappe-bench/config$ cp nginx.conf nginx.conf_mar_2

(3) ~/frappe-bench$ bench setup nginx
(4) /frappe-bench$ sudo service nginx start
(5) ~/frappe-bench$ sudo service nginx reload  <-- **do not forget**

Ref: https://discuss.erpnext.com/t/certbot-auto-replaced-with-certbot/67692

To list the installed certificates (names, domains, expiry dates and paths):

certbot certificates

Ref: https://certbot.eff.org/docs/using.html#:~:text=You%20can%20use%20certonly%20or,Certbot%20updates%20the%20existing%20certificate.

[C] Auto renewal

Log in as root or a user with superuser privileges and run `date` (this shows the server's time zone, e.g. CEST).
Then run `crontab -e` and enter one of the entries below. Convert the wanted local time to the server's zone using: [Set time zone](https://www.worldtimebuddy.com/)
Note: when both the day-of-month and day-of-week fields are restricted, cron runs the job when EITHER field matches, so a schedule like "1-7 * 5" would fire on the 1st to 7th of every month AND on every Friday. The entries below therefore leave day-of-week as * and check the weekday in the command with date +\%u (1 = Monday ... 7 = Sunday).

MAILTO="[email protected]"
# run on the first Friday of the month at 00:30 (12:30 AM)
30 0 1-7 * * [ $(date +\%u) = 5 ] && sudo service nginx stop && sudo certbot renew --quiet && sudo service nginx start
# renew letsencrypt certificates on 1st Monday of every month and get an email if it gets executed
# 0 0 1-7 * * [ "$(date '+\%a')" = "Mon" ] && sudo service nginx stop && sudo certbot renew && sudo service nginx start
# renew letsencrypt certificates on 1st Sunday of every month and get an email if it gets executed
MAILTO="[email protected]"
30 1 1-7 * * [ $(date +\%u) = 7 ] && sudo service nginx stop && sudo certbot renew && sudo service nginx start

# renew letsencrypt certificates on 1st Friday of every month and get an email if it gets executed
30 1 1-7 * * [ $(date +\%u) = 5 ] && sudo service nginx stop && sudo certbot renew && sudo service nginx start

MAILTO="[email protected],[email protected]"
# run at 2:30 early morning Saudi Arabia time (01:30 server time, CEST) on the 1st and 3rd Friday of every month
30 1 1-7 * * [ $(date +\%u) = 5 ] && sudo service nginx stop && sudo certbot renew && sudo service nginx start
30 1 15-21 * * [ $(date +\%u) = 5 ] && sudo service nginx stop && sudo certbot renew && sudo service nginx start
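The crontab entries above put the whole "stop nginx, renew, start nginx" chain on one cron line, which has two weak points: if `certbot renew` fails, the `&&` chain never reaches the `start`, so nginx stays down; and nginx is stopped on every run even though most runs renew nothing. The script below is an added example (not from this wiki) that keeps the same "first Friday of the month" schedule but moves the weekday decision and the nginx handling into a small wrapper. It assumes it is run as root from cron (so no sudo), that certbot is on PATH, and that nginx is managed with `service`; the script path in the crontab comment is a placeholder. `--pre-hook` and `--post-hook` are certbot's own options.

```shell
#!/bin/sh
# Added example (not the wiki's own): cron wrapper for "certbot renew" on a
# host whose certificates were issued with --standalone, so port 80 must be
# free while certbot runs. Assumptions: runs as root from cron, certbot on
# PATH, nginx managed with "service". Install path below is a placeholder.

# Cron ORs the day-of-month and day-of-week fields when both are restricted,
# so "30 1 1-7 * 5" fires on the 1st-7th of every month AND on every Friday.
# Decide "first <weekday> of the month" in the shell instead.
#   $1 = day of month (1-31), $2 = ISO weekday (1=Mon .. 7=Sun), $3 = wanted weekday
first_weekday_of_month() {
    if [ "$1" -ge 1 ] && [ "$1" -le 7 ] && [ "$2" -eq "$3" ]; then
        return 0
    fi
    return 1
}

# Renew whatever is due. --pre-hook/--post-hook are certbot options that run
# only when a certificate is actually due for renewal, so nginx is left alone
# on the runs where nothing expires, and the post-hook restarts it even when
# the renewal itself fails (a bare "&&" chain would leave nginx down).
# --quiet keeps cron's MAILTO mail for errors only.
renew_certificates() {
    certbot renew --quiet \
        --pre-hook  'service nginx stop' \
        --post-hook 'service nginx start'
}

main() {
    dom=$(date +%d); dom=${dom#0}       # strip the zero padding ("05" -> "5")
    dow=$(date +%u)                     # 1 = Monday ... 7 = Sunday
    if first_weekday_of_month "$dom" "$dow" 5; then   # 5 = Friday
        renew_certificates
    fi
}

# Crontab entry (daily at 01:30; the script itself picks the first Friday):
#   30 1 * * * /usr/local/sbin/renew-certs.sh run
if [ "${1:-}" = "run" ]; then
    main
fi
```

Because the script is invoked daily and filters the day itself, the crontab line no longer needs the day-of-month field at all; the weekday check could equally be swapped for a "1st and 3rd Friday" rule by also accepting days 15 to 21, as the last two entries above do.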

[D] Delete certificate

certbot revoke --cert-path /etc/letsencrypt/live/CERTNAME/cert.pem

certbot delete --cert-name example.com

OR
`sudo certbot delete --cert-name example.com`

Once deleted, run `bench setup nginx` again.

[E] Renew a single certificate

`sudo certbot renew --cert-name domain1.com`

Ref: https://eff-certbot.readthedocs.io/en/stable/using.html#certbot-command-line-options

[F] Some errors (unknown log format "main" in nginx): https://codewithkarani.com/2022/08/03/unknown-log-format-main-nginx/

Rename site

  • create an A record pointing to new.greycube.in
  • create an SSL certificate for new.greycube.in (section [B])
  • update site_config.json with
"ssl_certificate":"/etc/letsencrypt/live/new.greycube.in/fullchain.pem",
"ssl_certificate_key":"/etc/letsencrypt/live/new.greycube.in/privkey.pem",
"host_name": "new.greycube.in"
  • cd sites
  • mv old.greycube.in new.greycube.in
  • cd ..
  • sudo certbot delete --cert-name old.greycube.in
  • sudo service nginx stop
  • bench setup nginx
  • sudo service nginx start
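The checklist above, and the site_config.json step in section [B], are easy to get half-right: requesting a certificate before the A record resolves fails the challenge, and writing certificate paths into site_config.json that do not exist on disk leaves nginx unable to start after `bench setup nginx`. The script below is an added example (not this wiki's or Frappe's own code) that runs the same steps in order with those checks in front of them. It assumes it is run as the frappe user from ~/frappe-bench, that bench and certbot are on PATH, that nginx is managed with `service`, that the frappe user may sudo the nginx/certbot commands, and that `getent` (glibc) is available for the DNS check; the domain names and IP in the usage line are placeholders.

```shell
#!/bin/sh
# Added example (not from the wiki): rename a Frappe site to a new domain and
# move it onto a fresh Let's Encrypt certificate, with checks around the
# manual steps. Assumptions: run as the frappe user from ~/frappe-bench,
# bench and certbot on PATH, nginx managed with "service", sudo allowed for
# the nginx/certbot commands. Domains and IP are supplied by the caller.

# Certbot's fixed layout for the current certificate of a domain.
live_cert_path() { printf '/etc/letsencrypt/live/%s/fullchain.pem' "$1"; }
live_key_path()  { printf '/etc/letsencrypt/live/%s/privkey.pem' "$1"; }

# The A record must already resolve to this host before "certbot --standalone"
# can pass the HTTP challenge. $1 = domain, $2 = this server's public IPv4.
dns_points_here() {
    resolved=$(getent ahostsv4 "$1" 2>/dev/null | awk 'NR == 1 { print $1 }')
    if [ -n "$resolved" ] && [ "$resolved" = "$2" ]; then
        return 0
    fi
    return 1
}

# Never write certificate paths into site_config.json that are not on disk.
# /etc/letsencrypt/live is root-only, so the check itself needs sudo (-n: never prompt).
cert_files_present() {
    if sudo -n test -r "$(live_cert_path "$1")" 2>/dev/null \
       && sudo -n test -r "$(live_key_path "$1")" 2>/dev/null; then
        return 0
    fi
    return 1
}

# $1 = old site name, $2 = new site name, $3 = this server's public IPv4
rename_site() {
    old=$1; new=$2; ip=$3
    dns_points_here "$new" "$ip" || { echo "A record for $new does not point to $ip" >&2; return 1; }

    # Issue the new certificate; standalone needs port 80, hence the stop/start.
    sudo service nginx stop
    sudo certbot certonly --standalone -d "$new" || { sudo service nginx start; return 1; }
    sudo service nginx start
    cert_files_present "$new" || { echo "certificate files for $new are missing" >&2; return 1; }

    cp config/nginx.conf "config/nginx.conf.$(date +%Y%m%d)"   # backup, as the wiki does
    mv "sites/$old" "sites/$new"

    # The same keys the wiki edits by hand in site_config.json, written with bench.
    bench --site "$new" set-config ssl_certificate     "$(live_cert_path "$new")"
    bench --site "$new" set-config ssl_certificate_key "$(live_key_path "$new")"
    bench --site "$new" set-config host_name "$new"

    sudo certbot delete --cert-name "$old"
    sudo service nginx stop
    bench setup nginx      # answer the overwrite prompt; nginx.conf was backed up above
    sudo service nginx start
}

# Usage: sh rename-site.sh run old.example.com new.example.com 203.0.113.10
if [ "${1:-}" = "run" ]; then
    rename_site "$2" "$3" "$4"
fi
```

The DNS check compares the first IPv4 answer only; behind a proxy or load balancer compare against the proxy's address instead.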

[G] From IP to URL

When the site is currently accessed by IP address:
rename the site to the URL (see "Rename site" above)
back up the nginx and supervisor config folders first